articles

Encryption not an issue for NSA

Any time a ranking member of a top intelligence group, like the National Security Agency, seems to be in agreement with the sentiments of privacy advocates, you can bet things aren’t as chummy as all that. Even if it’s a refreshing break from the usual governmental discourse. Ordinarily, on the subject of encryption, we get caught in a flurry of doomsaying, with federal officials—like Director James Comey at the FBI among others—decrying its potential role in affording secrecy to terrorists and other criminal elements. In essence, worrying that encryption allows these people to plan covertly, invisible to law enforcement.

As I’ve stressed before, I’m sympathetic to and overall supportive of counterterrorism efforts, and have no wish to see attacks carried out successfully, but don’t believe that encryption is the looming menace it’s often painted as.

That’s why NSA Director Adm. Mike Rogers words, “Encryption is foundational to the future,” and that arguing against it is “a waste of time” seems like a nice change of pace. And yet, if it sounds too good to be true…well, let’s just say there is little reason for the agency to sweat encryption. They don’t need it. Instead, the NSA takes advantage of other options, like tracking metadata, for instance. Metadata can reveal patterns of communication, even if the actual content is ciphered. Looking at something as simple as email: even if an agency can’t read the message, they can still see that you sent or received an email from a certain contact. And if said contact is on, say, a terrorist watch list, well, it really doesn’t matter what the message says, does it?

That, of course, is assuming the NSA even needs to find ways around encryption, when they’re quite capable of brute-force hacking to get to the content. Over the years, law enforcement have become quite adept at installing viruses and other types of malicious code onto devices. It’s one of their dirty little not-so-secrets. The FBI, for example, “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” says bureau spokesperson Christopher Allen. Meanwhile, the NSA’s 2013 “black budget” request, revealed in the Snowdwn documents, prioritized “investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic,” with over $1 billion dedicated to the effort.

Only a few of these cases have made the news, but they show how agencies like the FBI has used phishing attack, “watering hole” traps, and physical tampering to identify and catch suspects in the past, including bomb threats from teenagers. Once they’re through the door, they can read messages before they’ve been encrypted or after they’ve been unencrypted.

The main takeaway from all this is simple. Be wary of fair words on encryption from those who in reality need not abide by them.